HIPAA Compliance for Access Control
HIPAA is the Health Insurance Portability and Accountability Act of 1996, a US federal law whose Privacy and Security Rules are intended to protect Protected Health Information (PHI), and in particular its electronic form (ePHI). PHI is individually identifiable health information about patients that is created, received or held by a covered entity (a health care provider, a health plan or a health care clearinghouse) or by one of its business associates. The figure below gives an overview of the areas that have to be examined when assessing HIPAA compliance; this article concentrates on the HIPAA physical safeguards.
HIPAA's Security Rule requires three classes of safeguards: administrative, technical and physical. When considering the physical safeguards, the role of ePHI must not be underestimated, since PHI today is largely stored as scanned images, PDF files and database records, and the servers and workstations that hold them are exactly what the physical safeguards protect.
The four standards that make up the physical safeguards of the HIPAA Security Rule are Facility Access Controls, Workstation Use, Workstation Security, and Device and Media Controls:
- Facility Access Controls: physical security of server rooms, data centres and any other premises or structures that house systems containing ePHI, so that only authorized persons can enter them.
- Workstation Use: policies defining how workstations (for example, the computers connected to the main server) may be used, from which locations, and by whom.
- Workstation Security: physical measures that restrict access to workstations holding or accessing ePHI to authorized users only, complementing the technical and administrative controls applied to them.
- Device and Media Controls: procedures governing the receipt, movement, re-use and disposal of hardware and electronic media (disks, backup tapes, USB drives, laptops) that contain ePHI, so that such media do not leave the facility or change hands without authorization.
HIPAA Physical Security Compliance Procedure
HIPAA physical security compliance is built on the four standards above: Facility Access Controls, Workstation Use, Workstation Security, and Device and Media Controls. The figure below shows the flow of the process used to verify compliance against these four factors. The process consists of periodic physical inspections combined with continuous safeguarding; regular staff training and interviews; unannounced technical checks of workstations, the main server and the network for malware or other weaknesses; documentation of all findings; and periodic audits of the process itself, which give the overall system its credibility.
The Whos and Hows of HIPAA Compliance
The figure below highlights the importance of employees, company policy, business processes and physical safeguarding of systems for HIPAA compliance. The accompanying video explains how to improve privacy practices inside healthcare premises by enforcing HIPAA access control compliance. A checklist is also available in the article HIPAA Compliance Checklist 2017. Lastly, Andrew Mitchell's Better Access Control with Less Configuration: Ownership gives some insight into the who's and how's of access control.
All covered entities, that is health care providers, health plans and health care clearinghouses, together with the business associates that handle PHI on their behalf, are required to be HIPAA compliant. This is achieved by keeping PHI confidential, training employees, implementing the HIPAA physical safeguards, and following data privacy and authorization practices throughout the organization.